HYPERVISOR NEWS
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks on the retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not...
Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration
Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, underpinning important systems and critical infrastructure. Far from losing its appeal, organizations still rely heavily on vSphere for its...
Hypervisor Hangover: Persistence Mechanisms on ESXi
As FIN groups continue to execute fast-impact ransomware campaigns and nation-state APTs favor long-term infrastructure control, hypervisors have become the new high ground. This talk explores a set of stealthy, reliable persistence...
The 99% Solution: MFA for Hypervisor Security
Hypervisor attacks are accelerating, and the cost is catastrophic. Recent ESXi ransomware attacks have cost organizations hundreds of millions in recovery. In some cases, a single ESXi breach has led to costs exceeding $400 million. ...
RansomHub Is Gone—But Their ESXi Ransomware Tactics Still Threaten Virtual Infrastructure
In 2024, one ransomware group surged to the forefront: RansomHub. Rapidly dominating the ransomware-as-a-service (RaaS) landscape, this formidable cybercriminal network successfully breached over 600 organizations worldwide, targeting...
Hypervisor Ransomware: Why The C-Suite Can’t Ignore MITRE ATT&CK V17
Forbes.com
Virtual Demo: Scattered Spider Exposed How Hypervisor Attacks Really Work
Understand how ransomware groups like Scattered Spider compromise your virtual infrastructure—and how to stop them. In today's threat landscape, ransomware groups like Scattered Spider are increasingly targeting hypervisors, leading to...
Virtual Presentation: Protect Your Hypervisor from Ransomware
Attacks on hypervisors are increasing due to their devastating blast radius, as highlighted by the recent attacks on MGM Casinos, Johnson Controls, and MITRE. Now, you can protect your hypervisors: Vali Cyber offers the world’s only...
Scattered Spider: The Group Behind Major ESXi Ransomware Attacks
A new wave of ransomware actors is rewriting the rulebook, and their sights are set on the foundation of enterprise infrastructure: VMware ESXi. Scattered Spider—also tracked as UNC3944, 0ktapus, and Muddled Libra among others—is one of...
From Retail Floors to Virtual Cores: ESXi Is the Next Attack Vector in Retail
In April 2025, Marks & Spencer—one of Britain’s most successful retailers—was crippled by a ransomware attack that didn’t just encrypt endpoints. It locked down VMware ESXi hypervisors, freezing core systems and bringing operations to...
Virtual Demo: A Hole in the Firewall – Why Network Defenses Just Don’t Cut It
Nathan Montierth and Joseph Comps from Vali Cyber's Threat Intelligence Team break down why traditional network defenses, such as firewalls, aren't enough to stop modern threats. Using a real-world inspired attack from UNC3886, where the...
Webinar: ATT&CK v17 Decoded: What IT & Security Teams Must Know
Exploits targeting hypervisors are at an all-time high. Enterprise virtualization is a prime target for threat groups due to valuable data and the challenges associated with preventing escape-to-host attacks. This has been validated with...
The Oversight That Could Cost You: Why Basic Hypervisor Protection Fails
Modern hypervisors form the backbone of today's cloud and virtualization environments. By enabling multiple business functions to reside on a single physical server, they enhance efficiency and reduce administrative overhead. As...
MITRE ATT&CK v17: Spotlighting ESXi
In a landmark update, MITRE ATT&CK v17 introduces a dedicated ESXi platform to its framework, bringing hypervisor threats into the spotlight. This move validates what security teams have been seeing for years: attackers are targeting...
Why ESXi Security in Manufacturing Can’t Wait
Industry 4.0 is transforming manufacturing, making operations smarter, faster, and more efficient. But with increased connectivity comes increased risk. Hypervisor threats are evolving fast—especially for organizations relying on VMware...
MITRE ATT&CK v17 Is Coming: What Security Teams Should Watch For
MITRE ATT&CK v17 is set to launch on April 22, 2025. While full details haven’t been released, a recent X post from MITRE suggests that VMware ESXi may be a new focus area—an important signal as concerns around ESXi ransomware...